Multiple Vendor Call Gate Creation Input Validation Vulnerability

NetBSD and Sun Microsystems have released patches which correct this vulnerability.

NetBSD has released a kernel patch which may be applied to any of the 1.4x kernel series, as well as version 1.5.

OpenBSD has released a kernel patch for version 2.8.

It is possible to work around tihs vulnerability by building a kernel without the USER_LDT option enabled. In NetBSD it is enabled by default. To disable it, comment it out from the kernel configuration file and rebuild the kernel. If it has been enabled in OpenBSD, it can be disabled in the same manner. For the changes to take effect, both systems must be rebooted with the new kernel installed.

After kernel patches have been installed, the kernel must be rebuilt and the system must be rebooted with the new version.

Sun has released fix information for Solaris.

The fixes for Solaris 7 and 8, x86 versions are available as of this writing. A fix for Solaris 2.6 x86 will be available June 18.

Fixes for versions of Trusted Solaris are not yet available, but should be soon.

The IDs of the Sun fixes are below.

Sun Solaris 8_x86
  • Sun 108529-07

Sun Solaris 2.6_x86
  • Sun 105182-27

Sun Solaris 7.0_x86
  • Sun 106542-16

NetBSD NetBSD 1.4 x86

NetBSD NetBSD 1.4.1 x86

NetBSD NetBSD 1.4.2 x86

OpenBSD OpenBSD 2.8

Sun Trusted Solaris 7.0 x86
  • Sun 109597-05

Sun Trusted Solaris 8.0 x86
  • Sun 110338-02


Privacy Statement
Copyright 2010, SecurityFocus